Docket No.: CISCO-8363
(REISSUE OF CISCO-0737) 
032590-000223 

Amendments to the Claims: 

This listing of claims will replace all prior versions and listings of claims in the 
application. 

Listing of Claims: 

Originally patented claims 1-30 are amended as follows: 

1. (ORIGINAL) A method for managing network access to a data communications network, said
method comprising: 

maintaining a central database; 

maintaining at least one authentication, authorization and accounting (AAA) service at a point of 

presence (PoP) of the data communications network; and 
configuring a database associated with the AAA service from the central database, wherein said 

configuring includes publishing information from said central database on an information 

bus as at least one event, said AAA service subscribing to said event so as to receive said 

published information so as to thereby update its associated database. 

2. (ORIGINAL) A method in accordance with claim 1, further comprising: 

receiving at a protocol gateway in the PoP a network access request from a user through a 

network access server (NAS); 
parsing the network access request for an identification of the user's domain; 
routing the network access request to the AAA service at the PoP if the user's domain 

corresponds to that of the PoP; 
looking up a domain identification entry corresponding to the user's domain in the AAA service's

database if the user's domain does not correspond to that of the PoP; 
proxying the network access request to an AAA service in the user's domain at an address and 

port as specified in the domain identification entry of the database if the user's domain does 

not correspond to that of the PoP. 

3. (ORIGINAL) A method in accordance with claim 2, further comprising: obtaining an IP
address for the user from the AAA service in the user's domain if the user's domain does not
correspond to that of the PoP. 

4. (CURRENTLY AMENDED) A method in accordance with claim 2, further comprising:
assigning an IP address to the user from a local DHCP pool of IP [address] addresses if the user's
domain does not correspond to that of the PoP. 

5. (ORIGINAL) A method in accordance with claim 2, further comprising:

assigning an IP address to the user from an IP address pool identified in an access-accept packet 

received from the user's domain's AAA service if the user's domain does not correspond to 

that of the PoP. 

6. (ORIGINAL) A method for managing network access to a data communications network, said
method comprising: 
maintaining a central database; 
maintaining a plurality of authentication, authorization and accounting (AAA) services at a point
of presence (PoP) of the data communication network; and 

configuring databases associated with the AAA services from the central database, wherein said
configuring includes publishing information from said central database on an information
bus as at least one event, said AAA services subscribing to said event so as to receive said 
published information so as to thereby update their associated databases. 



7. (ORIGINAL) A method in accordance with claim 6, further comprising: 

receiving at a protocol gateway in the PoP a network access request from a user through a

network access server (NAS); 
parsing the network access request for an identification of the user's domain; 
routing the network access request to one of said plurality of AAA services at the PoP if the 

user's domain corresponds to that of the PoP while load balancing among said plurality of 

AAA services; 

looking up a domain identification entry corresponding to the user's domain in one of said 
plurality of AAA service's databases if the user's domain does not correspond to that of the 
PoP; 

proxying the network access request to an AAA service in the user's domain at an address and 
port as specified in the domain identification entry of the database if the user's domain does 
not correspond to that of the PoP. 
8. (ORIGINAL) A method in accordance with claim 7, further comprising:

obtaining an IP address for the user from the AAA service in the user's domain if the user's 
domain does not correspond to that of the PoP. 

9. (CURRENTLY AMENDED) A method in accordance with claim 7, further comprising: 
assigning an IP address to the user from a local DHCP pool of IP [address] addresses if the user's 

domain does not correspond to that of the PoP. 

10. (ORIGINAL) A method in accordance with claim 7, further comprising: 

assigning an IP address to the user from an IP address pool identified in an access-accept packet 
received from the user's domain's AAA service if the user's domain does not correspond to 
that of the PoP. 

11. (ORIGINAL) A method for managing network access to a data communications network, said
method comprising: 

maintaining a central database, said central database containing access information for 

authentication, authorization and accounting services associated with domains of the data 

communications network; 
maintaining at a point of presence (PoP) of the data communications network at least one AAA 

service and at least one proxy service and at least one protocol gateway in communication 

with a network access server (NAS); 
periodically publishing information contained in said central database; 
subscribing at said AAA and said proxy service to information published from said central
database; 

receiving at a protocol gateway in the PoP a network access request from a user through a 

network access server (NAS); 
parsing the network access request at the protocol gateway for an identification of the user's 

domain; 

routing the network access request to an AAA service at the PoP if the user's domain 

corresponds to that of the PoP; 
looking up access information within a domain identification entry corresponding to the user's 

domain in a database associated with the proxy server if the user's domain does not 

correspond to that of the PoP; and 
proxying the network access request to an AAA service in the user's domain at an address and 

port as specified in the access information if the user's domain does not correspond to that of 

the PoP. 

12. (ORIGINAL) A method in accordance with claim 11, further comprising:

obtaining an IP address for the user from an AAA service in the user's domain if the user's 
domain does not correspond to that of the PoP. 

13. (CURRENTLY AMENDED) A method in accordance with claim 11, further comprising:
assigning an IP address to the user from a local DHCP pool of IP [address] addresses if the user's 

domain does not correspond to that of the PoP. 
14. (ORIGINAL) A method in accordance with claim 11, further comprising:

assigning an IP address to the user from an IP address pool identified in an access-accept packet 
received from the user's domain's AAA service if the user's domain does not correspond to that 
of the PoP. 

15. (ORIGINAL) A method of managing network access requests to a data communications 
network, said method comprising: 

receiving at a protocol gateway in a point of presence (PoP) of the data communications network
a network access request from a user through a network access server (NAS); 

parsing the network access request for an identification of the user's domain; 

routing the network access request to one of the plurality of authentication, authorization and 
accounting (AAA) services associated with the PoP if the user's domain corresponds to that 
of the PoP while load balancing among the plurality of AAA services;

looking up a domain identification entry corresponding to the user's domain in a database if the 
user's domain does not correspond to that of the PoP; 

proxying the network access request via one of a plurality of proxy services to an AAA service
in the user's domain at an address and port as specified in the domain identification entry of 
the database if the user's domain does not correspond to that of the PoP while load balancing 
among the plurality of proxy services. 

16. (ORIGINAL) A method in accordance with claim 15, further comprising: 

obtaining an IP address for the user from the AAA service in the user's domain if the user's 
domain does not correspond to that of the PoP. 
17. (CURRENTLY AMENDED) A method in accordance with claim 15, further comprising:

assigning an IP address to the user from a local DHCP pool of IP [address] addresses if the user's 
domain does not correspond to that of the PoP. 

18. (ORIGINAL) A method in accordance with claim 15, further comprising:
assigning an IP address to the user from an IP address pool identified in an access-accept packet
received from the user's domain's AAA service if the user's domain does not correspond to
that of the PoP. 

19. (ORIGINAL) A method for managing network access to a data communications network, said 
method comprising: 

maintaining a central database, said central database containing access information for 

authentication, authorization and accounting (AAA) services associated with domains of the 

data communications network; 
maintaining at a point of presence (PoP) of the data communications network a plurality of AAA

services at least one AAA service and at least one proxy service and at least one protocol 

gateway in communication with a network access server (NAS); 
periodically publishing information contained in said central database; 
subscribing at said AAA and said proxy service to information published from said central 

database; 

receiving at a protocol gateway in the PoP a network access request from a user through a 
network access server (NAS); 
parsing the network access request at the protocol gateway for an identification of the user's
domain; 

routing the network access request to one of said plurality of AAA services at the PoP if the 
user's domain corresponds to that of the PoP while load balancing among said plurality of 
AAA services; 

looking up access information within a domain identification entry corresponding to the user's 
domain in a database associated with one of said plurality of proxy services if the user's 
domain does not correspond to that of the PoP while load balancing among said plurality of
proxy services; and 

proxying the network access request to an AAA service in the user's domain at an address and 
port as specified in the access information if the user's domain does not correspond to that of 
the PoP. 



20. (ORIGINAL) A method in accordance with claim 19, further comprising:

obtaining an IP address for the user from an AAA service in the user's domain if the user's
domain does not correspond to that of the PoP. 



21. (CURRENTLY AMENDED) A method in accordance with claim 19, further comprising:

assigning an IP address to the user from a local DHCP pool of IP [address] addresses if the user's
domain does not correspond to that of the PoP. 
22. (ORIGINAL) A method in accordance with claim 19, further comprising:

assigning an IP address to the user from an IP address pool identified in an access-accept packet 
received from the user's domain's AAA service if the user's domain does not correspond to 
that of the PoP. 

23. (ORIGINAL) A method of managing network access requests to a data communications 
network, said method comprising: 

receiving at a protocol gateway in a point of presence (PoP) of the data communications network

a network access request from a user through a network access server (NAS); 
parsing the network access request for an identification of the user's domain; 
routing the network access request to an authentication, authorization and accounting (AAA) 

service associated with the PoP if the user's domain corresponds to that of the PoP; 
looking up a domain identification entry corresponding to the user's domain in a database if the 

user's domain does not correspond to that of the PoP; 
proxying the network access request to an AAA service in the user's domain at an address and 

port as specified in the domain identification entry of the database if the user's domain does 

not correspond to that of the PoP. 

24. (ORIGINAL) A method in accordance with claim 23, further comprising: 

obtaining an IP address for the user from the AAA service in the user's domain if the user's 
domain does not correspond to that of the PoP. 
25. (CURRENTLY AMENDED) A method in accordance with claim 23, further comprising:

assigning an IP address to the user from a local DHCP pool of IP [address] addresses if the user's 
domain does not correspond to that of the PoP. 

26. (ORIGINAL) A method in accordance with claim 23, further comprising:

assigning an IP address to the user from an IP address pool identified in an access-accept packet 
received from the user's domain's AAA service if the user's domain does not correspond to 
that of the PoP. 



27. (ORIGINAL) A system for data communications network access management, comprising: 
a central database containing information identifying access information for authentication, 

authorization and accounting (AAA) services associated with domains of the data

communications network; 
a publisher, said publisher publishing information from said central database to subscribers over 

an information bus; 

a point of presence (PoP) on the data communications network, said PoP including a protocol 
gateway in communication with at least one network access server (NAS); 

an AAA service associated with said PoP and in communication with said protocol gateway, said
AAA service subscribing to information published by said publisher; and 

a proxy service associated with the PoP and in communication with said protocol gateway, said
proxy service subscribing to information published by said publisher. 
said protocol gateway receiving network access requests from users over the NAS, parsing the
requests for domain identification and routing the requests for domains other than those 
associated with the PoP to the proxy service, 

said proxy service routing network access requests to AAA services in remote domains in 
accordance with said access information. 



28. (CURRENTLY AMENDED) A system in accordance with claim 27, further comprising: an 
AAA database associated with said AAA service; and a proxy database associated with said
proxy service, 

said AAA database populated at instantiation of said AAA service by receiving information 

published by said publisher from said central database,
said proxy database populated at instantiation of said proxy service by receiving information 

published by said publisher from said central database. 



29. (ORIGINAL) A system for data communications network access management, comprising:
a central database containing information identifying access information for authentication, 

authorization and accounting (AAA) services associated with domains of the data 

communications network; 
a publisher, said publisher publishing information from said central database to subscribers over 

an information bus; 

a point of presence (PoP) on the data communications network, said PoP including a protocol 
gateway in communication with at least one network access server (NAS); 
a plurality of AAA services associated with said PoP and in communication with said protocol
gateway, said AAA services subscribing to information published by said publisher; and 

a plurality of proxy services associated with said PoP and in communication with said protocol 
gateway, said proxy services subscribing to information published by said publisher, 

said protocol gateway receiving network access requests from users over the NAS, parsing the 
requests for domain identification and routing the requests for domains other than those 
associated with the PoP to one of said plurality of proxy services while load balancing 
among them, 

said proxy service routing network access requests to AAA services in remote domains in 
accordance with said access information. 

30. (CURRENTLY AMENDED) A system in accordance with claim 29, further comprising: 
a plurality of AAA databases associated with said respective AAA services; and 

a plurality of proxy databases associated with said respective proxy services, 

said AAA databases populated at instantiation of said respective AAA services by receiving 

information published by said publisher from said central database,
said proxy databases populated at instantiation of said respective proxy services by receiving 

information published by said publisher from said central database.

Please add new claims 31-73 as follows: 

31. (New) A method for managing network access to a data communications network, said method 
comprising: 
maintaining a central database coupled to the data communications network;

maintaining at least a first authentication, authorization and accounting (AAA) service at a first

point of presence (PoP) of the data communications network and a second AAA service at a

second PoP of the data communications network;
configuring a database associated with the first AAA service from the central database by

transporting information from the central database over the data communications network to

the database associated with the first AAA service; and
configuring a database associated with the second AAA service from the central database by

transporting information from the central database over the data communications network to 

the database associated with the second AAA service. 

32. (New) The method of claim 31, further comprising:

periodically updating the database associated with the first AAA service from the central 
database by transporting information from the central database over the data 
communications network to the database associated with the first AAA service. 

33. (New) The method of claim 32, further comprising:

periodically updating the database associated with the second AAA service from the central 
database by transporting information from the central database over the data 
communications network to the database associated with the second AAA service. 
34. (New) The method of claim 31, further comprising:

receiving at a protocol gateway in the first PoP a network access request from a user through a

network access server (NAS);
parsing the network access request for an identification of the user's domain;
routing the network access request to the first AAA service at the first PoP if the user's domain 

corresponds to that of the first PoP; 
looking up a domain identification entry corresponding to the user's domain in the first AAA 

service's database if the user's domain does not correspond to that of the first PoP; 
proxying the network access request to an AAA service in the user's domain at an address and

port as specified in the domain identification entry of the database if the user's domain does 

not correspond to that of the first PoP. 

35. (New) The method of claim 34, further comprising:

obtaining an IP address for the user from the AAA service in the user's domain if the user's 
domain does not correspond to that of the first PoP. 

36. (New) The method of claim 34, further comprising:

assigning an IP address to the user from a local DHCP pool of IP addresses if the user's domain 
does not correspond to that of the first PoP. 
37. (New) The method of claim 34, further comprising:

assigning an IP address to the user from an IP address pool identified in an access-accept packet 
received from the user's domain's AAA service if the user's domain does not correspond to 
that of the first PoP.

38. (New) A method for managing network access to a data communications network, said method 
comprising: 

maintaining a central database coupled to the data communications network;

maintaining a plurality of first authentication, authorization and accounting (AAA) services at a 

first point of presence (PoP) of the data communications network and a second AAA service

at a second PoP of the data communications network;
configuring one or more databases associated with the first AAA services from the central

database by transporting information from the central database over the data

communications network to the database(s) associated with the first AAA services; and
configuring a database associated with the second AAA service from the central database by

transporting information from the central database over the data communications network to 

the database associated with the second AAA service. 



39. (New) The method of claim 38, further comprising:

receiving at a protocol gateway in the first PoP a network access request from a user through a 

network access server (NAS);
parsing the network access request for an identification of the user's domain;
routing the network access request to one of said plurality of first AAA services at the first PoP if

the user's domain corresponds to that of the first PoP while load balancing among said

plurality of first AAA services;
looking up a domain identification entry corresponding to the user's domain in one of said

plurality of first AAA service's database(s) if the user's domain does not correspond to that

of the first PoP;

proxying the network access request to an AAA service in the user's domain at an address and 
port as specified in the domain identification entry of the database if the user's domain does 
not correspond to that of the first PoP. 



40. (New) The method of claim 39, further comprising:

obtaining an IP address for the user from the AAA service in the user's domain if the user's
domain does not correspond to that of the first PoP. 



41. (New) The method of claim 39, further comprising:

assigning an IP address to the user from a local DHCP pool of IP addresses if the user's domain
does not correspond to that of the first PoP. 



42. (New) The method of claim 39, further comprising:

assigning an IP address to the user from an IP address pool identified in an access-accept packet
received from the user's domain's AAA service if the user's domain does not correspond to
that of the first PoP. 
43. (New) A method for managing network access to a data communications network, said method
comprising: 

maintaining a central database coupled to the data communications network, said central 

database containing access information for authentication, authorization and accounting 

(AAA) services associated with domains of the data communications network;
maintaining at a first point of presence (PoP) of the data communications network at least one 

first AAA service and at least one first proxy service and at least one first protocol gateway 

in communication with a network access server (NAS);
periodically transporting information contained in the central database from the central database,

over the data communications network, to the first AAA service(s), the first proxy service(s)

and the first protocol gateway(s);
receiving at a protocol gateway in the first PoP a network access request from a user through a

network access server (NAS);
parsing the network access request at the first protocol gateway for an identification of the user's

domain;

routing the network access request to an AAA service at the first PoP if the user's domain 

corresponds to that of the first PoP;
looking up access information within a domain identification entry corresponding to the user's 

domain in a database associated with the first proxy server if the user's domain does not 

correspond to that of the first PoP; and
proxying the network access request to an AAA service in the user's domain at an address and

port as specified in the access information if the user's domain does not correspond to that of 

the first PoP. 
44. (New) The method of claim 43, further comprising:

obtaining an IP address for the user from an AAA service in the user's domain if the user's 
domain does not correspond to that of the first PoP. 

45. (New) The method of claim 43, further comprising:

assigning an IP address to the user from a local DHCP pool of IP addresses if the user's domain 
does not correspond to that of the first PoP. 

46. (New) The method of claim 43, further comprising:

assigning an IP address to the user from an IP address pool identified in an access-accept packet 
received from the user's domain's AAA service if the user's domain does not correspond to 
that of the first PoP. 

47. (New) A method for managing network access requests to a data communications network, said
method comprising: 

receiving at a protocol gateway in a first point of presence (PoP) of the data communications 
network a network access request from a user received through a network access server 
(NAS);

parsing the network access request for an identification of the user's domain; 

routing the network access request to one of the plurality of authentication, authorization and 
accounting (AAA) services associated with the first PoP if the user's domain corresponds to 
that of the first PoP while load balancing among the plurality of AAA services;
looking up a domain identification entry corresponding to the user's domain in a database
associated with the one AAA if the user's domain does not correspond to that of the first
PoP;

proxying the network access request via one of a plurality of proxy services to an AAA service
in the user's domain at an address and port as specified in the domain identification entry of
the database if the user's domain does not correspond to that of the first PoP while load balancing
among the plurality of proxy services. 



48. (New) The method of claim 47, further comprising:

obtaining an IP address for the user from the AAA service in the user's domain if the user's
domain does not correspond to that of the first PoP. 



49. (New) The method of claim 47, further comprising:

assigning an IP address to the user from a local DHCP pool of IP addresses if the user's domain
does not correspond to that of the first PoP. 



50. (New) The method of claim 47, further comprising:

assigning an IP address to the user from an IP address pool identified in an access-accept packet
received from the user's domain's AAA service if the user's domain does not correspond to
that of the first PoP. 
51. (New) A method for managing network access to a data communications network, said method
comprising: 

maintaining a central database, said central database containing access information for 

authentication, authorization and accounting services associated with domains of the data 

communications network;
maintaining at a first point of presence (PoP) of the data communications network a plurality of 

AAA services at least one AAA service and at least one proxy service and at least one 

protocol gateway in communication with a network access server (NAS);
periodically transmitting information contained in said central database over the data

communications network to said AAA and said proxy service;
receiving at a protocol gateway in the PoP a network access request from a user through a

network access server (NAS);
parsing the network access request at the protocol gateway for an identification of the user's

domain;

routing the network access request to one of said plurality of AAA services at the first PoP if the 
user's domain corresponds to that of the first PoP while load balancing among said plurality 
of AAA services;

looking up access information within a domain identification entry corresponding to the user's 
domain in a database associated with one of said plurality of proxy services if the user's 
domain does not correspond to that of the first PoP while load balancing among said 
plurality of proxy services; and
proxying the network access request to an AAA service in the user's domain at an address and
port as specified in the access information if the user's domain does not correspond to that of 
the first PoP. 



52. (New) The method of claim 51, further comprising:

obtaining an IP address for the user from an AAA service in the user's domain if the user's
domain does not correspond to that of the first PoP. 



53. (New) The method of claim 51, further comprising:

assigning an IP address to the user from a local DHCP pool of IP addresses if the user's domain
does not correspond to that of the first PoP. 



54. (New) The method of claim 51, further comprising:

assigning an IP address to the user from an IP address pool identified in an access-accept packet
received from the user's domain's AAA service if the user's domain does not correspond to
that of the first PoP. 



55. (New) A method for managing network access requests to a data communications network, said 
method comprising: 

periodically transmitting updating information contained in a central database over the data 
communications network to an authentication, authorization and accounting (AAA) service

associated with a first point of presence (PoP) of the data communications network;
receiving at a protocol gateway in the first point of presence (PoP) of the data communications
network a network access request from a user received through a network access server
(NAS);

parsing the network access request for an identification of the user's domain;

routing the network access request to the AAA service associated with the first PoP if the user's 

domain corresponds to that of the first PoP;
looking up a domain identification entry corresponding to the user's domain in a database if the

user's domain does not correspond to that of the first PoP;
proxying the network access request to an AAA service in the user's domain at an address and
port as specified in the domain identification entry of the database if the user's domain does not

correspond to that of the first PoP. 

56. (New) The method of claim 55, further comprising:

obtaining an IP address for the user from the AAA service in the user's domain if the user's 
domain does not correspond to that of the first PoP. 

57. (New) The method of claim 55, further comprising:

assigning an IP address to the user from a local DHCP pool of IP addresses if the user's domain 
does not correspond to that of the first PoP. 
58. (New) The method of claim 55, further comprising:

assigning an IP address to the user from an IP address pool identified in an access-accept packet 
received from the user's domain's AAA service if the user's domain does not correspond to 
that of the first PoP.

59. (New) A system for data communications network access management, comprising:

a central database containing information identifying access information for authentication, 

authorization and accounting (AAA) services associated v/ith domains of the data 

communications network: 
a first point of presence (PoP) on the data communications network, said first PoP including a 

protocol gateway in communication with at least one network access server (NAS): 
an AAA service associated with said first PoP and in conmiunication with said protocol gateway 

and the data communications network; 
a proxy service associated with the first PoP and in communication with said protocol gateway 

and the data communications network, 
a transmitter, said transmitter transmitting information from said central database to said AAA 

service at said first PoP and said proxy service at said first PoP over the data 

conmiunications network; 
said protocol gateway receiving network access requests from users over the NAS, parsing the 

requests for domain identification and routing the requests for domains other than those 

associated with the first PoP to the proxy service, 
said proxy service routing network access requests to AAA services in remote domains in 

accordance with said access information. 
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60. (New) The system of claim 59. further comprising: 

an AAA database associated with said AAA service at said first PoP: 
a proxy database associated with said proxy service at said first PoP. 
said AAA database populated at instantiation of said AAA service by receiving information 

transmitted bv said transmitter fi'om said central database, 
said proxy database populated at instantiation of said proxy service bv receiving information 

transmitted by said iraiisniitter fiom said database. 

61. (New) A system for data communications network access management, comprising:

a central database containing information identifying access information for authentication,
authorization and accounting (AAA) services associated with domains of the data
communications network;

a first point of presence (PoP) on the data communications network, said first PoP including a
protocol gateway in communication with at least one network access server (NAS);

a plurality of AAA services associated with said first PoP and in communication with said
protocol gateway, said AAA services subscribing to information published by said
publisher;

a plurality of proxy services associated with said first PoP and in communication with said
protocol gateway, said proxy services subscribing to information published by said
publisher; and

a transmitter, said transmitter transmitting information from said central database over the data
communications network to said plurality of AAA services associated with said first PoP
and to said plurality of proxy services associated with said first PoP,

said protocol gateway receiving network access requests from users over the NAS, parsing the
requests for domain identification and routing the requests for domains other than those
associated with the first PoP to one of said plurality of proxy services while load balancing
among them,

said proxy service routing network access requests to AAA services in remote domains in
accordance with said access information.

62. (New) The system of claim 61, further comprising:

a plurality of AAA databases associated with said respective AAA services at said first PoP; and

a plurality of proxy databases associated with said respective proxy services at said first PoP,

said AAA databases populated at instantiation of said respective AAA services by receiving
information transmitted by said transmitter from said central database,

said proxy databases populated at instantiation of said respective proxy services by receiving
information transmitted by said transmitter from said central database.

63. (New) A system for managing access to a data communications network, said system
comprising:

means for communicating with a central database via the data communications network, the
central database containing information identifying access information for authentication,
authorization and accounting (AAA) services associated with domains of the data
communications network;

means for communicating with a local AAA service associated with a local Point of Presence
(PoP);

means for communicating with a remote AAA service via a local proxy service;

means for instantiating the local AAA service from the central database;

means for receiving a network access request from a user through a local network access server
(NAS);

means for checking the network access request to determine an identification of the user's
domain;

means for routing the network access request to the local AAA service if the user's domain
corresponds to that of the local PoP;

means for looking up a domain identification entry corresponding to the user's domain in the
local AAA service's database if the user's domain does not correspond to that of the local
PoP; and

means for proxying the network access request to a remote AAA service in the user's domain at
an address and port as specified in the domain identification entry of the database if the
user's domain does not correspond to that of the local PoP.

64. (New) A system for managing access to a data communications network, said system
comprising:

means for communicating with a central database via the data communications network, the
central database containing information identifying access information for authentication,
authorization and accounting (AAA) services associated with domains of the data
communications network;

means for communicating with a plurality of local AAA services associated with a local Point of
Presence (PoP);

means for communicating with a plurality of local proxy services associated with the local PoP;

means for communicating with a remote AAA service via a local proxy service;

means for instantiating the local AAA services from the central database;

means for instantiating the local proxy services from the central database;

means for receiving a network access request from a user through a local network access server
(NAS);

means for checking the network access request to determine an identification of the user's
domain;

means for routing the network access request to the local AAA service if the user's domain
corresponds to that of the local PoP;

means for looking up a domain identification entry corresponding to the user's domain with the
local AAA services if the user's domain does not correspond to that of the local PoP;

means for proxying the network access request to a remote AAA service in the user's domain at
an address and port as specified in the domain identification entry of the local AAA services'
database if the user's domain does not correspond to that of the local PoP; and

means for receiving network access requests from users over a network access server (NAS),
parsing the requests for domain identification and routing the requests for domains other
than those associated with the first PoP to one of said plurality of proxy services while load
balancing among them,

said proxy service routing network access requests to the remote AAA service in accordance
with said access information.

65. (New) A method for accounting for use of a data communications network, said method
comprising:

means for communicating with a central database via the data communications network, the
central database containing information identifying access information for authentication,
authorization and accounting (AAA) services associated with domains of the data
communications network;

means for communicating with at least one local AAA service associated with a local Point of
Presence (PoP);

means for communicating with a remote AAA service;

means for instantiating the local AAA services from the central database;

means for receiving a network access request from a user through a local network access server
(NAS);

means for checking the network access request to determine an identification of the user's
domain;

means for routing accounting information associated with the user to the local AAA service if
the user's domain corresponds to that of the local PoP;

means for looking up a domain identification entry corresponding to the user's domain with the
local AAA services if the user's domain does not correspond to that of the local PoP;

means for routing the accounting information to a remote AAA service in the user's domain at an
address and port as specified in the domain identification entry of the local AAA services'
database if the user's domain does not correspond to that of the local PoP.

66. (New) A method for managing network access accounting in a data communications network,
said method comprising:

maintaining a central database coupled to the data communications network;

maintaining at least a local authentication, authorization and accounting (AAA) service at a local
point of presence (PoP) of the data communications network;

configuring a database associated with the local AAA service from the central database by
transporting information from the central database over the data communications network to
the database associated with the local AAA service;

receiving accounting information from a network access server (NAS) responsive to utilization
of the data communications network by a user coupled to the data communications network
through the NAS;

forwarding said accounting information to the local AAA service if the user's domain
corresponds to that of the local PoP; and

forwarding said accounting information to a remote AAA service in the user's domain at an
address and port as specified in the domain identification entry of the local AAA service's
database if the user's domain does not correspond to that of the local PoP.

67. (New) An apparatus for managing network access accounting in a data communications
network, said apparatus comprising:

means for maintaining a central database coupled to the data communications network;

means for maintaining at least a local authentication, authorization and accounting (AAA)
service at a local point of presence (PoP) of the data communications network;

means for configuring a database associated with the local AAA service from the central
database by transporting information from the central database over the data
communications network to the database associated with the local AAA service;

means for receiving accounting information from a network access server (NAS) responsive to
utilization of the data communications network by a user coupled to the data
communications network through the NAS;

means for forwarding said accounting information to the local AAA service if the user's domain
corresponds to that of the local PoP; and

means for forwarding said accounting information to a remote AAA service in the user's domain
at an address and port as specified in the domain identification entry of the local AAA
service's database if the user's domain does not correspond to that of the local PoP.

68. (New) A system for managing network access to a data communications network, said method
comprising:

a central database coupled to the data communications network;

at least a first authentication, authorization and accounting (AAA) service at a first point of
presence (PoP) of the data communications network and a second AAA service at a second
PoP of the data communications network; and

a database configurer configuring a database associated with the first AAA service from the
central database by transporting information from the central database over the data
communications network to the database associated with the first AAA service and
configuring a database associated with the second AAA service from the central database by
transporting information from the central database over the data communications network to
the database associated with the second AAA service.

69. (New) An apparatus for managing network access to a data communications network, said
method comprising:

means for maintaining a central database coupled to the data communications network;

means for maintaining at least a first authentication, authorization and accounting (AAA) service
at a first point of presence (PoP) of the data communications network and a second AAA
service at a second PoP of the data communications network;

means for configuring a database associated with the first AAA service from the central database
by transporting information from the central database over the data communications network
to the database associated with the first AAA service; and

means for configuring a database associated with the second AAA service from the central
database by transporting information from the central database over the data
communications network to the database associated with the second AAA service.

70. (New) A system for managing network access to a data communications network, said method
comprising:

a central database coupled to the data communications network;

a plurality of first authentication, authorization and accounting (AAA) services disposed at a
first point of presence (PoP) of the data communications network and a second AAA service
disposed at a second PoP of the data communications network;

a first database configurer configuring one or more databases associated with the first AAA
services from the central database by transporting information from the central database
over the data communications network to the database(s) associated with the first AAA
services; and

a second database configurer configuring a database associated with the second AAA service
from the central database by transporting information from the central database over the data
communications network to the database associated with the second AAA service.

71. (New) An apparatus for managing network access to a data communications network, said
method comprising:

means for maintaining a central database coupled to the data communications network;

means for maintaining a plurality of first authentication, authorization and accounting (AAA)
service at a first point of presence (PoP) of the data communications network and a second
AAA service at a second PoP of the data communications network; and

means for configuring one or more databases associated with the first AAA services from the
central database by transporting information from the central database over the data
communications network to the database(s) associated with the first AAA services; and

means for configuring a database associated with the second AAA service from the central
database by transporting information from the central database over the data
communications network to the database associated with the second AAA service.

72. (New) A system for managing network access to a data communications network, said method
comprising:

a central database coupled to the data communications network;

a plurality of first authentication, authorization and accounting (AAA) services disposed at a
first point of presence (PoP) of the data communications network and a second AAA service
disposed at a second PoP of the data communications network; and

a database configurer configuring one or more databases associated with the first AAA services
from the central database by transporting information from the central database over the data
communications network to the database(s) associated with the first AAA services and
configuring a database associated with the second AAA service from the central database by
transporting information from the central database over the data communications network to
the database associated with the second AAA service.

73. (New) An apparatus for managing network access to a data communications network, said
method comprising:

means for maintaining a central database coupled to the data communications network;

means for maintaining a plurality of first authentication, authorization and accounting (AAA)
service at a first point of presence (PoP) of the data communications network and a second
AAA service at a second PoP of the data communications network; and

means for configuring one or more databases associated with the first AAA services from the
central database by transporting information from the central database over the data
communications network to the database(s) associated with the first AAA services and for
configuring a database associated with the second AAA service from the central database by
transporting information from the central database over the data communications network to
the database associated with the second AAA service.